
doh: disable DOH for the cases it doesn't work

Due to limitations in Curl_resolver_wait_resolv(), it doesn't work for
DOH resolves. This fix disables DOH for those.

Limitation added to KNOWN_BUGS.

Fixes #3850
Closes #3857
bagder committed May 9, 2019
1 parent edf2f6a commit 12d655d4561cfee0103c57e791c59a263863e561
Showing with 26 additions and 11 deletions.
  1. +11 −0 docs/KNOWN_BUGS
  2. +1 −1 lib/connect.c
  3. +3 −3 lib/ftp.c
  4. +4 −3 lib/hostip.c
  5. +5 −2 lib/hostip.h
  6. +2 −2 lib/socks.c
@@ -19,6 +19,7 @@ problems may have been fixed or changed somewhat since this was written!
1.5 Expect-100 meets 417
1.6 Unnecessary close when 401 received waiting for 100
1.7 Deflate error after all content was received
1.8 DoH isn't used for all name resolves when enabled
1.9 HTTP/2 frames while in the connection pool kill reuse
1.10 Strips trailing dot from host name
1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
@@ -166,6 +167,16 @@ problems may have been fixed or changed somewhat since this was written!

See https://github.com/curl/curl/issues/2719

1.8 DoH isn't used for all name resolves when enabled

Even if DoH is specified to be used, there are some name resolves that are
done without it. This should be fixed. When the internal function
`Curl_resolver_wait_resolv()` is called, it doesn't use DoH to complete the
resolve as it otherwise should.

See https://github.com/curl/curl/pull/3857 and
https://github.com/curl/curl/pull/3850

1.9 HTTP/2 frames while in the connection pool kill reuse

If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
@@ -357,7 +357,7 @@ static CURLcode bindlocal(struct connectdata *conn,
conn->ip_version = CURL_IPRESOLVE_V6;
#endif

rc = Curl_resolv(conn, dev, 0, &h);
rc = Curl_resolv(conn, dev, 0, FALSE, &h);
if(rc == CURLRESOLV_PENDING)
(void)Curl_resolver_wait_resolv(conn, &h);
conn->ip_version = ipver;
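Review bot: The bare `FALSE` now passed to Curl_resolv() in bindlocal() gives a reader no hint that DoH is being switched off on purpose, and the same holds for the call sites changed in lib/ftp.c and lib/socks.c. A short comment above each call would record the reason, for example `/* no DoH here: Curl_resolver_wait_resolv() cannot complete a DoH resolve */`. Without it, a later cleanup could flip the flag to TRUE and bring back the failure this commit works around. bindlocal() starts and ends outside the hunk.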
@@ -1080,7 +1080,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
}

/* resolv ip/host to ip */
rc = Curl_resolv(conn, host, 0, &h);
rc = Curl_resolv(conn, host, 0, FALSE, &h);
if(rc == CURLRESOLV_PENDING)
(void)Curl_resolver_wait_resolv(conn, &h);
if(h) {
@@ -1934,7 +1934,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
*/
const char * const host_name = conn->bits.socksproxy ?
conn->socks_proxy.host.name : conn->http_proxy.host.name;
rc = Curl_resolv(conn, host_name, (int)conn->port, &addr);
rc = Curl_resolv(conn, host_name, (int)conn->port, FALSE, &addr);
if(rc == CURLRESOLV_PENDING)
/* BLOCKING, ignores the return code but 'addr' will be NULL in
case of failure */
@@ -1950,7 +1950,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
}
else {
/* normal, direct, ftp connection */
rc = Curl_resolv(conn, ftpc->newhost, ftpc->newport, &addr);
rc = Curl_resolv(conn, ftpc->newhost, ftpc->newport, FALSE, &addr);
if(rc == CURLRESOLV_PENDING)
/* BLOCKING */
(void)Curl_resolver_wait_resolv(conn, &addr);
@@ -482,6 +482,7 @@ Curl_cache_addr(struct Curl_easy *data,
int Curl_resolv(struct connectdata *conn,
const char *hostname,
int port,
bool allowDOH,
struct Curl_dns_entry **entry)
{
struct Curl_dns_entry *dns = NULL;
@@ -527,7 +528,7 @@ int Curl_resolv(struct connectdata *conn,
return CURLRESOLV_ERROR;
}

if(data->set.doh) {
if(allowDOH && data->set.doh) {
addr = Curl_doh(conn, hostname, port, &respwait);
}
else {
@@ -653,7 +654,7 @@ int Curl_resolv_timeout(struct connectdata *conn,

if(!timeout)
/* USE_ALARM_TIMEOUT defined, but no timeout actually requested */
return Curl_resolv(conn, hostname, port, entry);
return Curl_resolv(conn, hostname, port, TRUE, entry);

if(timeout < 1000) {
/* The alarm() function only provides integer second resolution, so if
@@ -715,7 +716,7 @@ int Curl_resolv_timeout(struct connectdata *conn,
/* Perform the actual name resolution. This might be interrupted by an
* alarm if it takes too long.
*/
rc = Curl_resolv(conn, hostname, port, entry);
rc = Curl_resolv(conn, hostname, port, TRUE, entry);

#ifdef USE_ALARM_TIMEOUT
clean_up:
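Review bot: When `allowDOH` is FALSE and `data->set.doh` is set, the changed condition in Curl_resolv() takes the else branch (presumably the regular resolver path, whose body is outside the hunk) without leaving any trace. DoH is usually configured to keep host names away from the local DNS path, so a user has no way to tell that a given lookup bypassed it. A verbose-log line ahead of the condition would make the fallback visible, e.g. `if(!allowDOH && data->set.doh) infof(data, "DoH not used for this resolve\n");`. The function comment for Curl_resolv() is not in the hunk and should also describe the new parameter.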
@@ -83,8 +83,11 @@ struct Curl_dns_entry {
#define CURLRESOLV_ERROR -1
#define CURLRESOLV_RESOLVED 0
#define CURLRESOLV_PENDING 1
int Curl_resolv(struct connectdata *conn, const char *hostname,
int port, struct Curl_dns_entry **dnsentry);
int Curl_resolv(struct connectdata *conn,
const char *hostname,
int port,
bool allowDOH,
struct Curl_dns_entry **dnsentry);
int Curl_resolv_timeout(struct connectdata *conn, const char *hostname,
int port, struct Curl_dns_entry **dnsentry,
time_t timeoutms);
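Review bot: The Curl_resolv() prototype gains `bool allowDOH` with no comment saying what the flag means or when a caller has to pass FALSE. A line above the prototype would cover it: `/* allowDOH: when FALSE the resolve never uses DoH, even if configured; needed by callers that finish with Curl_resolver_wait_resolv() */`. Curl_resolv_timeout() keeps its old signature and, going by the lib/hostip.c hunks, always passes TRUE, which is worth stating in the same comment.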
@@ -155,7 +155,7 @@ CURLcode Curl_SOCKS4(const char *proxy_user,
Curl_addrinfo *hp = NULL;
int rc;

rc = Curl_resolv(conn, hostname, remote_port, &dns);
rc = Curl_resolv(conn, hostname, remote_port, FALSE, &dns);

if(rc == CURLRESOLV_ERROR)
return CURLE_COULDNT_RESOLVE_PROXY;
@@ -609,7 +609,7 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
else {
struct Curl_dns_entry *dns;
Curl_addrinfo *hp = NULL;
int rc = Curl_resolv(conn, hostname, remote_port, &dns);
int rc = Curl_resolv(conn, hostname, remote_port, FALSE, &dns);

if(rc == CURLRESOLV_ERROR)
return CURLE_COULDNT_RESOLVE_HOST;
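Review bot: Both changed calls in Curl_SOCKS4() and Curl_SOCKS5() resolve `hostname` for `remote_port` with DoH disabled, and that looks like the destination name rather than the proxy's own name. If so, a transfer with DoH configured would still send the destination name to the regular resolver whenever the SOCKS code resolves locally. The new KNOWN_BUGS 1.8 entry only mentions Curl_resolver_wait_resolv() in general terms; listing the affected paths there (SOCKS local resolve, FTP, local bind) would let users judge the privacy impact and choose proxy-side resolution where that matters. Both functions extend beyond the hunks shown.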
